[Samba] Slow, Incorrect Group Resolution through Winbind

[Sonic]

On Wed, Sep 13, 2017 at 10:48 AM, Rich Otero via samba
<samba at lists.samba.org> wrote:

>         server max protocol = SMB2_22
>         max protocol = SMB2_22
>         protocol = SMB2_22

The 3 lines above all mean the same thing, the last 2 are synonyms of the first.
Taking a peek at "man smb.conf" is a good place to start.

>         idmap uid = 16777216-33554431
>         idmap gid = 16777216-33554431

The above 2 lines should be dropped.

>         idmap config * : range = 16777216-33554431
>         idmap config * : backend = tdb

Should be more like:
         idmap config STUDENTS : range = 16777216-33554431
         idmap config STUDENTS : backend = tdb

...plus something like:
         idmap config * : range = 10000-20000
         idmap config * : backend = tdb
... using a different range than configured for STUDENTS.

Again "man smb.conf" is your friend.

> I know that we are using some deprecated options, but this configuration
> typically works well for us.

Apparently not :-)

> Besides the logging options, allow me to explain the other two: I set
> "password server" to restrict Winbind from contacting DCs that it can't
> actually reach.

Not really sure that the "password server" parameter has any affect on
winbind, think it's just an smbd directive.

Chris